
How do I find if a SPACE is in an uploaded filename?

Posted: Sun Mar 29, 2015 5:03 pm
by simonmlewis
I am using this code to upload photos, and added on random numbers to make them unique.
But we have issues. Because we are using images as backgrounds to DIVs, these images cannot have spaces in their filenames.
So how do I check the name of the file, perhaps before this code is executed, and if there is a space, either rename it with a _, or return them to their page with a warning?

Is it literally:

Code:

$pic=($_FILES['photo']['name']);
And then Pseudocode: if $pic contains " ", redirect back to page with error?
It would be better if the file name was renamed, so they were given a better experience. But not sure how to rename the file right from the core name.

Code:

if(get_magic_quotes_gpc()) {
      $input = array(&$_GET, &$_POST, &$_COOKIE, &$_ENV, &$_SERVER);
     
      while(list($k, $v) = each($input)) {
        foreach($v as $key => $val) {
          if(!is_array($val)) {
            $input[$k][$key] = stripslashes($val);
            continue;
          }
          $input[] =& $input[$k][$key];
        }
      }
      unset($input);
    }
    
error_reporting(0);

$change="";
$abc="";

 define ("MAX_SIZE","400");
 function getExtension($str) {
         $i = strrpos($str,".");
         if (!$i) { return ""; }
         $l = strlen($str) - $i;
         $ext = substr($str,$i+1,$l);
         return $ext;
 }

 $errors=0;
  
 if($_SERVER["REQUEST_METHOD"] == "POST")
 {
 	$image =$_FILES["photo"]["name"];
	$uploadedfile = $_FILES['photo']['tmp_name'];    
 
 	if ($image) 
 	{
 	
 		$filename = stripslashes($_FILES['photo']['name']);
 	
  		$extension = getExtension($_FILES['photo']['name']);
 		$extension = strtolower($extension);
		
		
 if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) 
 		{
		
 			$change='<div class="msgdiv">Unknown Image extension </div> ';
 			$errors=1;
 		}
 		else
 		{

 $sizechange=filesize($_FILES['photo']['tmp_name']);


if ($sizechange > MAX_SIZE*1024)
{
	$change='<div class="msgdiv">You have exceeded the size limit!</div> ';
	$errors=1;
}


if($extension=="jpg" || $extension=="jpeg" )
{
$uploadedfile = $_FILES['photo']['tmp_name'];
$src = imagecreatefromjpeg($uploadedfile);

}
else if($extension=="png")
{
$uploadedfile = $_FILES['photo']['tmp_name'];
$src = imagecreatefrompng($uploadedfile);

}
else 
{
$src = imagecreatefromgif($uploadedfile);
}

echo $scr;

list($width,$height)=getimagesize($uploadedfile);
$tmp=imagecreatetruecolor($width,$height);

$newwidth1=250;
$newheight1=($height/$width)*$newwidth1;
$tmp1=imagecreatetruecolor($newwidth1,$newheight1);

imagecopyresampled($tmp,$src,0,0,0,0,$width,$height,$width,$height);
imagecopyresampled($tmp1,$src,0,0,0,0,$newwidth1,$newheight1,$width,$height);
$pic=($_FILES['photo']['name']);
srand(time());
$random = (rand()%99999999);
$newname="$random"."$pic";
$filename = "images/productphotos/". $newname;
$filename1 = "images/productphotos/small/". $newname;
imagejpeg($tmp,$filename,100);
imagejpeg($tmp1,$filename1,100);
imagedestroy($src);
imagedestroy($tmp);
imagedestroy($tmp1);
}}

}

Re: How do I find if a SPACE is in an uploaded filename?

Posted: Sun Mar 29, 2015 6:09 pm
by requinix
simonmlewis wrote: Because we are using images as backgrounds to DIVs, these images cannot have spaces in their filenames.
Sure they can. If spaces are causing problems then you're probably not using quotes with the value...

Mind you, spaces aren't that nice to have in URLs anyways so it may be worth switching to underscores anyways.
You're using the $_FILES[photo][name] without any validation. You need to use validation because, technically speaking, it's user input, and like all user input it cannot be trusted. My recommendation: replace spaces with underscores or hyphens, and replace any invalid characters (basically anything but letters, numbers, and a handful of symbols you might want to allow) with underscores/hyphens/nothing.

Re: How do I find if a SPACE is in an uploaded filename?

Posted: Mon Mar 30, 2015 2:00 am
by simonmlewis
Agreed... so how do you spot spaces??

Re: How do I find if a SPACE is in an uploaded filename?

Posted: Mon Mar 30, 2015 4:33 am
by requinix
You don't actually have to spot them. Do regex or string substitutions assuming they are there. For example,

Code:

$filename = str_replace(" ", "_", $_FILES["photo"]["name"]);
As a first step towards "cleaning up" the filename.
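
The clean-up recommended in this thread (spaces to underscores, then everything outside a small whitelist replaced), carried through to a complete storage name, as an added example that is not code from any poster here. The function name `safe_upload_name`, the allowed character set, the 64-character limit and the sample names are assumptions for illustration; it assumes PHP 7.1 or later.

```php
<?php
// Added example (not from the thread). Builds a storage name from the
// client-supplied $_FILES['photo']['name'], which is untrusted input.
// Function name, character whitelist and length limit are assumptions.

function safe_upload_name(string $clientName, array $allowedExt): ?string
{
    // Treat both separators alike, then drop any directory part.
    $name = basename(str_replace('\\', '/', $clientName));

    // Only the final extension decides the type; compare in lower case.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null; // caller shows the "unknown extension" message
    }

    $stem = pathinfo($name, PATHINFO_FILENAME);
    // First step from the thread: spaces become underscores.
    $stem = str_replace(' ', '_', $stem);
    // Then anything outside letters, digits, "_" and "-" becomes "_".
    // Dots in the stem go too, so "page.php.jpg" cannot keep ".php".
    $stem = preg_replace('/[^A-Za-z0-9_-]/', '_', $stem);
    // Collapse runs of "_", trim the ends, cap the length.
    $stem = substr(trim(preg_replace('/_+/', '_', $stem), '_'), 0, 64);
    if ($stem === '') {
        $stem = 'image'; // nothing usable was left of the client name
    }

    // Unpredictable prefix in place of srand(time()) and rand().
    $prefix = bin2hex(random_bytes(8));

    return $prefix . '_' . $stem . '.' . $ext;
}

// Constructed sample names, not taken from the thread.
$samples = ['my holiday photo.JPG', '../../etc/passwd.png',
            'page.php.jpg', 'notes.txt', '   .gif'];
foreach ($samples as $s) {
    $out = safe_upload_name($s, ['jpg', 'jpeg', 'png', 'gif']);
    echo str_pad(var_export($s, true), 26), ' => ',
         $out ?? 'rejected', PHP_EOL;
}
```

In the upload script from the first post, the returned value would take the place of `$newname`, with a `null` result handled the same way as the existing "Unknown Image extension" branch.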

Re: How do I find if a SPACE is in an uploaded filename?

Posted: Mon Mar 30, 2015 4:56 am
by simonmlewis
Terrific!